  1. AMQ Broker
  2. ENTMQBR-5372

User with a role not declared on RBAC, can access the console


Details

    • User Experience

      1. Create a broker with default values

      $ /path/to/amq782/bin/artemis create /tmp/broker782 --user admin --password admin --allow-anonymous

      2. Add an additional user and role to broker
      $ printf "\nreadonly=reader" >> /tmp/broker782/etc/artemis-roles.properties
      $ printf "\nreader=reader" >> /tmp/broker782/etc/artemis-users.properties

      3. Start broker
      $ /tmp/broker782/bin/artemis run

      4. Try to access Management Console on http://localhost:8161 with these credentials:
      Username: reader
      Password: reader

      5. User "reader" can read information on the left side of the screen


    Description

      If I add an additional user and role to the broker, without adding this role to the RBAC settings or the Hawtio enabled roles, any user having this role is able to enter the Management Console and can read some information from the queues on the left side of the screen (queue names, queue types, acceptors, etc.).

      He should never be able to access the Management Console.
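
      An added example, not part of the original report and not AMQ Broker code: a shell check that lists the users in `artemis-roles.properties` who hold none of the roles permitted for the console, which are the accounts that, per this report, should be refused. It assumes the console role is set as `HAWTIO_ROLE` in `etc/artemis.profile`; the function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumed file formats: artemis-roles.properties holds
# "role=user1,user2" lines; artemis.profile sets HAWTIO_ROLE='role[,role]'.

# Print the console role(s) configured in an artemis.profile file.
hawtio_role() {
  sed -n "s/^HAWTIO_ROLE=['\"]*\([^'\"]*\).*/\1/p" "$1"
}

# Print, sorted, every user in ROLES_FILE that holds none of ALLOWED_ROLES.
# usage: users_without_console_role ROLES_FILE ALLOWED_ROLES
users_without_console_role() {
  awk -F= -v allowed="$2" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    {
      role = $1; gsub(/[ \t\r]/, "", role)
      m = split($2, u, ",")
      for (i = 1; i <= m; i++) {
        user = u[i]; gsub(/[ \t\r]/, "", user)
        if (user == "") continue
        seen[user] = 1
        if (role in ok) permitted[user] = 1
      }
    }
    END { for (user in seen) if (!(user in permitted)) print user }
  ' "$1" | sort
}

# Constructed sample mirroring the reproduction steps (no trailing newline,
# exactly as the printf in step 2 leaves the file).
sample=$(mktemp -d)
printf "amq = admin\n\nreadonly=reader" > "$sample/artemis-roles.properties"
printf "HAWTIO_ROLE='amq'\n" > "$sample/artemis.profile"

users_without_console_role "$sample/artemis-roles.properties" \
  "$(hawtio_role "$sample/artemis.profile")"    # prints: reader
```

      The check reads only the Hawtio role; the RBAC settings the report also mentions are not parsed.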


          People

            rh-ee-ataylor Andy Taylor
            rhn-support-anarvaez Alfredo Narvaez
            Oleg Sushchenko Oleg Sushchenko
            Mudassar Iqbal (Inactive)